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AMENDMENTS TO THE SPECIFICATION: 

Please amend the paragraph bridging pages 10 and 11 as follows: 

The authentication credentials in the directory structure served by the directory server in 
the remote data center can be accessed by any web application including a web-server. For 
example, when a specific customer wishes to access a web-server, it may access the network 
site identified by the following URL: HTTPS PROT :// m0231DCl.cust.company-name.com 
(where "PROT" represents the protocol used for the communication; e.g. HTTPS) . The 
webserver consults load-balancer 132 in remote data center 108 to provide the customer 
attempting to access its account information with a log-in screen. The log-in screen may 
require various forms of verification information, such as a user identification and password, 
for example. In this manner, a customer attempting to gain access to any of the servers 126a-c, 
128a-c, 130a-c, may be granted such access only after that customer has been authenticated via 
information in the directory structure. This verification, or authentication, may be performed 
locally, as each copy of the directory structure within each of the data centers has a complete 
copy of the entire directory structure, including user authentication information. 

Please amend the paragraph that bridges pages 13 and 14 as follows: 

In operation, a user who desires to access a particular resource server for maintenance 
or similar such purposes enters the URL for that server, e.g. HTTPS PROT :// 
abcDC2.CustA.com: 1014, and is presented with a login prompt generated by the server. In 
response, the user enters a login name and password. The server then checks the 
name-password pair to determine if it is stored in the particular directory subtree with which 
that server is associated, e.g. node 204 in the case of a server that is part of Customer A's 
website. The server does so by contacting a directory service. One example of a directory 
service protocol which can be employed for this purpose is the Lightweight Directory Access 
Protocol (LDAP). This protocol is used to communicate with a directory server within the data 
center in which the resource server is located. For this purpose, each resource server has a 
client stub, or pluggable authentication module for LDAP (PAMLDAP), loaded into it. When 
the PAM LDAP is loaded onto a resource server, it determines which customer is associated 
with that server, for example by examining configuration information stored in the server or in 
a separate database. Once this information is obtained, the PAM_LDAP restricts directory 
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searches from its resource server to the particular subtree associated with the customer. Hence, 
the PAM_LDAP works with the directory server to maintain the segregation between the 
devices of different customers. 



